• Zone transfers should only be permitted by master name servers to update the zone
(domain) information in their slave servers. Failure to do so may result in IP numbers and
hostnames being revealed to unauthorized users. Restrict queries to only public domains.
Suitable for name servers with both public and private zones.

• Control which interfaces named listens on. Restricting the interfaces on which named
runs can limit the exposure to only the necessary networks.
listen-on { 192.168.1.1; };

• Use Access Control Lists to classify groups of hosts with differing degrees of trust. The
“internal” ACL label might be used to describe internal hosts that are permitted a greater
degree of access to the information than other hosts might be. Before it can be used it
must be defined:

acl “internal” {
{ 192.168.1.0/24; 192.168.2.11; };
};

It can then be used in “zone” statements or the main “options” statement:
zone “inside.mynet.com” {
type master;
file “master/inside.mynet.com”;
allow-query { “internal”; };
};

• Configure BIND to run as a normal user. Once BIND has been started, it has the ability
to relinquish its privileges, and run as a user with limited abilities instead of root.
# useradd -M -r -d /var/named -s /bin/false named
# groupadd -r named

This account should be used for nothing other than running the name server. Ensure the
zone files are readable by the named user. It is then necessary to modify the default
named init script, typically found in /etc/rc.d/init.d/named on Red Hat or
/etc/init.d/named on Debian:
/usr/sbin/named -u named -g named

It is also possible to run named in a “chroot jail” which helps to restrict the damage that
can be done should named be subverted.